Why Riseup’s Canary Matters

2017-01-06

UPDATE: In a Feb 16, 2017 press release Riseup confirmed they had been unable to update their warrant canary due to gag orders that accompanied two sealed warrants related to alleged extortion activities. They have complied with these warrants and have updated their canary with more general language.

After nearly five months, I am calling it: Riseup’s canary is truly well and dead. Riseup’s services have been compromised and are no longer secure.

This may sound like an extreme claim, until one understands that the canary existed to let us know if Riseup was ever compromised.

Understanding Warrant Canaries

Whenever state authorities compel an internet service provider (ISP) to turn over user data, limits may also be placed on the target ISP on communicating the existence of said legal commands. Wary of this possibility, some ISPs use ‘canary statements’ (also called warrant canaries or transparency reports) to indirectly convey their services’ integrity.

Warrant canaries are possible thanks to the legal concept of “compelled speech”, which prevents authorities from forcing parties (in this case the ISP) from making specific statements.

In short, the ISP keeps repeating everything is OK, until it stops saying everything is OK.

Riseup’s Canary & Its Death

The Riseup Collective took their canary statement a step further by releasing a verifiable statement roughly every three months denying:

Being subject to any gag order by a FISA court, or any other similar court of any government;

Placing any backdoors in their hardware or software and having received any requests to do so;

Disclosing any user communications to any third party.

The Riseup Collective used their public PGP key to cryptographically-sign the statement, greatly diminishing the possibility of state authorities updating the canary themselves in the case of the complete seizure of the Collective’s infrastructure.

As of January 6, 2017, it has been 143 days—nearly five months—since Riseup’s canary was last updated.

Why Riseup’s Compromise Matters Now More than Ever

Considering the reasons for having a canary and the precautions they took implementing it, is now reasonable to assume that some or all of the above denials are no longer valid and that Riseup’s services have been compromised and are no longer secure.

The Riseup Collective correctly states that precise information can allow state authorities to disrupt large social movements through the disruption of specific relationships and associations.

On January 20, the Trump administration will take control of the United States Intelligence Community, collectively the most powerful and experienced intelligence-gathering system in the history of the world.

Compromising one of the most visible and accessible community ISPs guarantees that movement organizations and individuals abandoning corporate communication infrastructure for the perceived safety of community-created and community-led collectives will remain vulnerable to state disruption as they seek to resist against the incoming administration’s authoritarian, sexist, xenophobic and racist policies.

What Now?

If we are serious about organizing against this administration and its threats, we must immediately begin using service providers that are secure from known legal, physical and technical attacks. This is a list of suggestions that I will discuss in follow-up posts:

EmailProtonmail, a Swiss-based provider. It isn’t perfect, but it is legally and technically safer than any US-based service. Accepts Bitcoin

HostingOrangeWebsite, an Iceland-based provider. Like Protonmail, it isn’t perfect and should not be used for secure email, but it is legally and technically safer than any US-based service. Their servers also run on 100% renewable energy. Accepts Bitcoin

Text and Calls For mobile communications, Whisper System’s’s Signal is great. Just use disappearing messages!

Browsing For everyday internet usage, use Tor Browser and carefully follow their suggestions.